Security News > 2023 > September > More Okta customers trapped in Scattered Spider's web

Customers of cloudy identification vendor Okta are reporting social engineering attacks targeting their IT service desks in attempts to compromise user accounts with administrator permissions.

"We don't have visibility into which customers were targeted, but we know that four customers were affected within the three-week period since we've begun tracking these activities," he told The Register.

When asked if Okta attributed the attacks to a particular group, Bradbury said "Other cyber security companies have linked this behavior to threat actors known as Scattered Spider."

Trellix also linked Scattered Spider to the August 2022 Oktapus phishing campaign during which the criminals gained unauthorized access to 163 Twilio customers, including Okta.

Similar to last year's attacks, after gaining access to admin accounts, Scattered Spider then assigned higher privileges to other accounts and also removed second-factor authentication requirements tied to some users.

Okta suggests several measures customers can take to protect themselves against this and similar phishing campaigns, including phishing-resistant authentication, and requiring re-authentication at every sign-in for privileged applications.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/09/01/okta_scattered_spider/